d4Rk's 1337 h4x0r guide
Tools
Highly inspired by The Bug Hunter's Methodology by Jason Haddix (@jhaddix).
Seeds/Roots
crt.sh (Certificate Search)
Shodan Search Engine
Censys
ASN Enumeration
bgp.he.net
Asnlookup
Metabigor
Reverse WHOIS
whoxy.com
DOMLink
Ad/Analytics Relationships
builtwith.com (also available as Firefox addon)
getrelationship.py
Google-Fu
Copyright text
Terms of service text
Privacy policy text
Subs
Linked and JS Discovery
Burp Suite Pro (or ZAP Proxy?)
GoSpider
hakrawler
Subdomainizer
subscraper
Subdomain Scraping
site:twitch.tv -www.twitch.tv
site:twitch.tv -www.twitch.tv -watch.twitch.tv
Amass
amass enum ...
Subfinder v2
github-subdomains.py
github-search (unstable -> run multiple times)
shosubgo
Cloud Ranges (scan all AWS, Azure, etc. check SSL certs for "target")
Sublist3r
GitHub - aboul3la/Sublist3r: Fast subdomains enumeration tool for penetration testers
Subdomain Bruting
Massdns
Amass
amass enum -brute -d twitch.tv -src
aiodnsbrute
shuffleDNS
altdns
Knockpy
GitHub - guelfoweb/knock at knock4
HostileSubBruteforcer
GitHub - nahamsec/HostileSubBruteforcer
Wordlists
all.txt
AssetNote -> commonspeak2
Favicon Analysis
favfreak
Port Analysis
Nmap
masscan (faster than Nmap)
dnmasscan
Brutespray
GitHub Dorking
github-search
Screenshotting
Aquatone
Eyewitness
httpscreenshot
WitnessMe
Subdomain takeover
can-i-take-over-xyz
Nuclei
SubOver
Automation++
interlace
Tools by TomNomNom (eg httprobe, meg)
Frameworks
S-Tier
AssetNote
SpiderFoot
Project Discovery Framework
Jaeles (scanner)
Osmedeus
HunterSuite.io
Bunty.offensiveai.com (paid)
reNgine
Scout (paid)
A-Tier
Findomain Monitoring Service
Rock-ON (A One-Shoot Killer)
Automated Reconnaissance Pipeline
B-Tier
LazyRecon
Automated-Scanner
OneForAll
Chomp Scan
domained [archived]
Sudomy
Gorecon - lightweight Reconnaissance Tool [NO LONGER MAINTAINED]
TugaRecon
Photon
C-Tier
bountyRecon
recon
Recon-tools
AutoRecon
Hunter
ultimate_recon.sh
st8out.sh
MISC (to be cleaned up)
WebScarab
Recon-ng
GitRob
CyberChef
OnlineHashCrack.com
idb
Wireshark
Bucket Finder
Race the Web
Google Dorks
JD GUI
Mobile Security Framework
Ysoserial